If you work in the European public sector, civil society, or any organisation that handles citizen data, you have probably felt the tension: the tools you rely on every day are built and controlled by companies outside the EU, subject to laws that directly conflict with European data protection principles. That tension is not theoretical. It is the daily reality that led us to build Prisma.
The problem is structural, not technical
In 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield in what is now known as the Schrems II ruling. The court found that US surveillance laws — particularly Section 702 of FISA and Executive Order 12333 — make it fundamentally impossible to guarantee adequate protection for European personal data when it is processed by US-based providers.
The US CLOUD Act, enacted in 2018, compounded the issue. It grants US law enforcement the authority to compel any US-headquartered technology company to hand over data stored anywhere in the world, regardless of local privacy laws. This means that even if your data physically resides on servers in Frankfurt or Amsterdam, a US court order can reach it if the provider is a US entity.
For European organisations, the implication is stark: using cloud platforms, collaboration tools, or data-sharing infrastructure from US-based vendors creates a permanent compliance risk under GDPR. The new EU-US Data Privacy Framework adopted in 2023 has not resolved the underlying structural conflict — it remains subject to legal challenge, and many privacy experts consider it a temporary arrangement at best.
Digital sovereignty is not isolationism
There is a common misconception that advocating for digital sovereignty means rejecting international collaboration or retreating behind digital borders. That is not what we mean, and it is not what Prisma does.
Digital sovereignty, as we understand it, means ensuring that the organisations and citizens of Europe retain meaningful control over their own data infrastructure. It means that the rules governing how data is stored, shared, and accessed are set by European institutions and enforceable under European law — not overridden by extraterritorial legal reach.
Prisma is designed to enable collaboration, not prevent it. The entire platform is built on open, internationally recognised W3C standards. Anyone, anywhere, can interoperate with a Prisma node. But the governance of each node — who can access what, under which conditions, with what audit trail — remains under the control of the organisation that operates it.
Why open standards are non-negotiable
We made a deliberate choice early in the project: Prisma would be built entirely on W3C and other open standards. No proprietary protocols, no vendor-specific APIs, no dependencies on any single cloud provider.
This is not ideological purism. It is a practical requirement for any infrastructure that aims to serve the public interest over the long term:
- DCAT2 for dataset cataloguing ensures that any standards-compliant tool can discover and index Prisma resources.
- PROV-O for provenance tracking creates a verifiable chain of custody for every piece of information.
- ODRL for access policies lets organisations express fine-grained data-sharing rules in a machine-readable format.
- SHACL for data validation ensures that incoming data conforms to agreed schemas before it enters the system.
- SPARQL as the query interface means that federated queries can span multiple organisations without requiring a centralised data warehouse.
These are not exotic technologies. They are mature, well-documented, and supported by a broad ecosystem of tools. What makes Prisma different is that we use them together, as a coherent stack, to deliver a complete information-sharing platform.
The NLnet connection
Prisma is being developed with support from NLnet, a foundation that has been funding open internet infrastructure since 1997. NLnet's NGI (Next Generation Internet) programme, funded by the European Commission, specifically targets projects that contribute to a more resilient, trustworthy, and open internet.
The alignment between Prisma's goals and NLnet's mission is natural. NLnet funds infrastructure, not products. It funds open standards, not proprietary platforms. And it funds European digital autonomy, not dependency.
Prisma is not a product competing with commercial SaaS offerings. It is infrastructure — a public good that any organisation can deploy, audit, and extend.
Our NLnet funding application covers three core components: the Autonomous Node Protocol (ANP) for peer-to-peer communication, the Federation layer for cross-organisation queries, and the TALER integration for privacy-preserving payments. Each of these components addresses a specific gap in the current European digital infrastructure landscape.
Why now
The regulatory environment has never been more favourable for sovereign digital infrastructure. The EU Data Act, the Data Governance Act, the Digital Markets Act, and the AI Act collectively create both the legal framework and the market demand for platforms like Prisma.
At the same time, the technical building blocks have matured. Linked data technologies that were considered experimental a decade ago are now production-ready. Federated query protocols have been battle-tested in large-scale deployments. Privacy-preserving payment systems like GNU Taler have reached a level of maturity that makes integration practical.
The question is no longer whether Europe needs sovereign information-sharing infrastructure. The question is whether we build it ourselves, on our own terms, or accept permanent dependency on infrastructure we do not control.
We chose to build. That is why Prisma exists.
Questions or feedback? Reach us at info@prisma-platform.eu or visit the project on Codeberg.